Malicious hackers commonly use phishing emails to lure would-be victims into clicking a seemingly harmless link that will actually install malware on their computers, allowing the perpetrators to siphon data, or even spy on their victims.
But the FBI is increasingly using the same techniques in its investigations; that’s how it tried to track down a suspect who was making a series of bomb threats last year, according to The Washington Post, which confirms that the feds are relying on hacker’s tricks to fight crime.
The FBI’s elite hacker team created a customized piece of malicious software, or malware, that would install on a suspect’s computer when he signs into his Yahoo email account. A judge in Colorado authorized the bureau to use the malware, according to court documents obtained byThe Post.
The malware was designed specifically to siphon certain information from the suspect’s computer to the FBI, including location data and websites visited. What’s more, it allows the FBI to spy on a suspect through his webcam even without its indicator light turning on.
This is not the first time that the FBI has reportedly used malware, spyware and other hacking tricks to track down suspected criminals.
In August, it was revealed that the FBI uses sophisticated hacking tools. Chris Soghoian, principal technologist at the American Civil Liberties Union, discovered this after researching LinkedIn, where FBI contractors openly advertised their hacking services for the bureau.
The FBI’s use of these techniques has critics concerned they could be too intrusive and perhaps illegal.
“There hasn’t been a debate in Congress about the FBI getting into the hacking business; there hasn’t been any legislation giving this power; this just sort of happened out of nowhere,” Soghoian said at the Def Con hacking conference this summer.
This shaky legal ground was evident in a similar case earlier this year in which a Texas judge refused to sign off on an FBI warrant request to install malware that would covertly extract files from a suspect’s laptop, and take pictures using its camera, according to The Wall Street Journal.
“It’s time for a real discussion about what the rules should be,” Kevin Bankston, a privacy and free speech lawyer and the policy director of the New America Foundation’s Open Technology Institute, said on Twitter.
In the case of the would-be bomber, identified only as “Mo,” the malware didn’t work as intended, but revealed that Mo actually loves in Tehran, where he is safe from arrest by the FBI — although not from its hacking tools.
Have something to add to this story? Share it in the comments.
Image: Mehdi Taamallah/AFP/Getty Images